| Risk | Severity | Likelihood | |------|----------|-------------| | Malicious redirect to phishing page (e.g., “Facebook login expired”) | High | Medium | | Drive-by download of fake “Video Codec” (actually ransomware/infostealer) | Medium | Low (requires vulnerable browser/plugins) | | Session cookie theft via malvertising | Medium | Medium | | Browser fingerprinting + cross-site tracking | Low/Medium | Very High | | Unwanted Chrome extension installation | Medium | Medium (via social engineering) |
| Domain Example | Niche | Same Pattern? | |----------------|-------|----------------| | funbd.net | Movies | Yes – popunders, fake subs | | dhakaview.live | News mix | Yes – plus sensational headlines | | bdix24.live | Sports | Yes – often same ad IDs | | timepass.com.bd (defunct) | Entertainment | Historic predecessor | timepassbd.live
| Revenue Source | Mechanism | |----------------|-----------| | | $0.50–$2.00 per 1k views (PropellerAds, PopCash) | | Push notification spam | Trick user into “Allow notifications” – then send casino/sex ads daily | | Fake download buttons | Affiliate payouts for APK installs (often adware or data stealers) | | Cryptominer (covert) | Uses user CPU while on page (less common now but possible) | | Data harvesting | Sells IP, User-Agent, referrer to fingerprinting services | referrer to fingerprinting services |